nanog mailing list archives

Re: BGP Exploit

From: Iljitsch van Beijnum <iljitsch () muada com>
Date: Thu, 13 May 2004 14:16:32 +0200


On 13-mei-04, at 13:31, Mark Johnson wrote:

I think what I'm trying to ask is:

1. Does anyone know if the exploit is actually being used? and
2. I assume there is no way to identify an exploit reset from the usual
resets caused by routers hanging, ports failing, DDoS's, etc. However,I
thought I'd ask...

This is from a couple of weeks, give or take, on an interface with 100or so peers:


    deny tcp any any eq bgp rst log-input (3714 matches)

If this is an attack I wish they were all like this.  :-)

Current thread:

RE: BGP Exploit, (continued)
- RE: BGP Exploit Smith, Donald (May 05)
  - Re: BGP Exploit Patrick W . Gilmore (May 05)
    - Re: BGP Exploit Christopher L. Morrow (May 05)
    - Re: BGP Exploit Patrick W . Gilmore (May 06)
    - Re: BGP Exploit Christopher L. Morrow (May 06)
    - Re: BGP Exploit Ingo (May 07)
- RE: BGP Exploit Smith, Donald (May 06)
- RE: BGP Exploit Mark Johnson (May 12)
  - Re: BGP Exploit Danny McPherson (May 12)
- RE: BGP Exploit Mark Johnson (May 13)
  - Re: BGP Exploit Iljitsch van Beijnum (May 13)